IPFire project's Michael Tremer announced today the general availability of IPFire 2.21 Core Update 125, an incremental update to the hardened open-source Linux firewall distribution targeted at routers and hardware firewalls.
Packed with lots of bug fixes and cleanups, the IPFire 2.21 Core Update 125 patch is here to introduce support for the 802.11ac Wi-Fi standard in the IPFire Access Point add-on, which should allow for better wireless coverage and higher network throughputs, especially in home environments. Of course, the machine running IPFire should have a network interface supporting the 802.11ac wireless protocol for this to work.
"Although IPFire might not be the first choice as a wireless access point in larger environments, it is perfect to run a single office or apartment," said Michael Tremer. "Additionally, a new switch allows disabling the so-called neighborhood scan where the access point will search for other wireless networks in the area. If those are found, 40 MHz channel bandwidth is disabled leading to slower throughput."
Security and bug fixes, add-on and core updates
If you're not interested in the 802.11ac Wi-Fi support, you should consider updating your installations to IPFire 2.21 Core Update 125 because it brings lots of security and bug fixes, including strongSwan 5.7.1, which addresses several flaws in the implementation used for parsing and verifying RSA signatures in the GMP plugin, allowing for Bleichenbacher-style low-exponent signature forgery during IKE authentication and in certificates.
Other updated packages included in this incremental update are GNU C Library (glibc) 2.28, Coreutils 8.30, Apache 2.4.35, BIND 9.11.4-P2, GnuTLS 3.5.19, , SQLite 22.214.171.124, Squid 3.5.28, LVM2 2.02.181, NTFS-3G 2017.3.23, dhcpcd 7.0.8, e2fsprogs 1.44.4, reiserfsprogs 3.6.27, xfsprogs 4.18.0, eudev 3.2.6, json-c 0.13.1, keyutils 1.5.11, kmod 25, and tzdata 2018g. Updated add-ons include ClamAV 0.100.2, TOR 0.3.4.9, NFS 2.3.3, HAProxy 1.8.14, hostapd 2.6, and libvirt 4.6.0.
Among other noteworthy changes, we can mention that the IO graphs were updated to support NVMe disks, the SFTP subsystem has been re-enabled in the OpenSSH server, all the backup scripts were rewritten in Shell to include the add-ons backups as well, and the swap behavior was changed to allow the Linux kernel to liberate disk space for large processes when there's not enough RAM available. Three new add-ons were introduced as well, namely dehydrated, frr, and observium-agent.